The present invention relates to synchronization methods for a redundantly structured automation system including at least two subsystems. According to the present invention, the sequences of machine instructions for the subsystems contain run-time queries. When the run-time queries are reached, the actual run time since the last synchronization of the subsystems is determined. However, a synchronization is only carried out when the actual run time exceeds a preselectable synchronization reference pattern. The run-time queries are always inserted then into the sequence of machine instructions when a summed run-time expected value of the machine instructions exceeds a preselectable critical time.
|
8. A method for generating a sequence of machine instructions from an application program for at least two subsystems of a redundantly structured automation system comprising steps of:
a) summing run times of the machine instructions when the sequences of machine instructions are generated to obtain a run-time expected value; and b) inserting a run-time determination instruction into the sequence of machine instructions and resetting the run-time expected value at least when the run-time expected value exceeds a preselectable critical time.
1. A synchronization method for a redundantly structured automation system including two subsystems interconnected via communication means comprising steps of:
a) concurrently executing, in the subsystems, identical sequences of machine instructions for the subsystems, the sequences of machine instructions containing run-time determination instructions; b) determining the actual run time of one of the subsystems since the last synchronization of the subsystems when said one of the subsystems reaches a run-time determination instruction; and c) invoking a synchronization routine in said one of the subsystems when the actual run time of said one of the subsystems exceeds a preselectable synchronization reference pattern.
2. The synchronization method according to
executing a run time determination instruction when the run-time determination instruction is reached by one of the subsystems, only when the other subsystem reaches a corresponding run-time determination instruction in its sequence of machine instructions.
3. The synchronization method according to
generating the sequences of machine instructions from an application program; summing run times of the machine instructions when the sequences of machine instructions are generated to obtain a run-time expected value; and inserting a run-time determination instruction into the sequence of machine instructions and resetting the run-time expected value at least when the run-time expected value exceeds a preselectable critical time.
4. The synchronization method according to
inserting a run-time determination instruction into the sequence of machine instructions prior to every jump instruction.
5. The synchronization method according to
inserting a run-time determination instruction into the sequence of machine instructions prior to every conditional jump instruction.
6. The synchronization method according to
7. The synchronization method according to
9. The generation method according to
inserting a run-time determination instruction into the sequence of machine instructions prior to every jump instruction.
10. The generation method according to
inserting a run-time determination instruction into the sequence of machine instructions prior to every conditional jump instruction.
11. The generation method according to
12. The synchronization method according to
|
|||||||||||||||||||||||||
The present invention relates to synchronization methods for a redundantly structured automation system consisting of at least two subsystems interconnected via communication means. The present invention also relates to a method for generating a sequence of machine instructions from an application program for the subsystems of a redundantly structured automation system consisting of at least two subsystems.
Synchronization methods for automation systems are generally known. The automation system can work, for example, in clock-controlled or in event-controlled synchronism. Furthermore, the European Patent Application No. EP 0 497 147 A2 discusses a method for operating a redundantly structured programmable controller consisting of two subunits, in which the subsystems synchronize themselves, at the latest, after an expiration of a time preselectable by the user.
In methods known heretofore, any jumps (branching) occurring in the programs executed by the subsystems cause the "previous history" (previous state) to be lost. As a consequence, the subsystem in question can no longer determine when the last synchronization was performed. This in turn, requires a synchronization before any jump (branching) instruction. In this respect, the method according to the European Patent Application No. EP 0 497 147 A2 is not optimal since extra time is spent unnecessarily on the synchronization.
Therefore, there exists a need to definitely and reliably guarantee a reproducible alarm-reaction time, given the lowest possible degree of complexity, for synchronization tasks. Moreover, there exists a need to allow the computing capacity of the automation system to be better utilized by minimizing the degree of complexity required for synchronization. Furthermore, avoiding manual interventions in the application program, which could cause errors, is also desired.
The present invention fulfills the aforementioned needs by providing a synchronization method having the following features:
identical sequences of machine instructions for the subsystems are executed concurrently in the subsystems, the sequences of machine instructions containing run-time queries;
when one of the subsystems reaches a run-time query, the actual run time of that subsystem since the last synchronization of the subsystems is determined;
a synchronization routine is invoked in that subsystem when the actual run time of that subsystem exceeds a preselectable synchronization reference pattern.
The sequences of machine instructions are produced from an application program. When the sequences of machine instructions are generated, the run times of the machine instructions are summed to obtain a run-time expected value. At the latest, when the run-time expected value exceeds a preselectable critical time, a run-time query is inserted into the sequence of machine instructions, and the run-time expected value is reset.
The sequences of machine instructions can be generated, with respect to the run time of the application program, in an interpreter. In the same way, the sequence of machine instructions can also be produced in advance with a compiler.
A virtually instruction-controlled, synchronous operation of the subsystems can be achieved as follows. When a run-time query is reached by one of the subsystems, the run-time query is not executed until the other subsystem reaches the corresponding run-time query in its sequence of machine instructions.
In a manner similar to the synchronization prior to jump (branching) instructions in the case of prior art, the present invention always inserts a run-time query into the sequence of machine instructions, in particular prior to conditional jump (branching) instructions.
When the preselectable critical time is less, especially considerably less, than the synchronization reference pattern for synchronizing the subsystems, the alarm-reaction time can be reproduced even more exactly.
FIG. 1 is a block diagram of an automation system.
FIG. 2 illustrates the principle of the method of the present invention for generating machine instructions.
In accordance with FIG. 1, the automation system 1 includes two subsystems 2, 2', which jointly control a technological process P, for example a burner installation. For this purpose, signals indicative of the current state of the process P are transmitted by the transmitters 3, 3' to the subsystems 2, 2'. The transmitted process signals are processed in the central processing units 4, 4'. Based on the processing, switching commands are output to the final controlling elements 5, 5'.
The input signals are processed and the output signals are determined concurrently in the central processing units 4, 4'based on identical sequences of machine instructions MP, which are stored in the storage units 6, 6'.
The sequences of machine instructions MP contain run-time queries. When the subsystems 2, 2' reach such a run-time query, the run time of the subsystems 2, 2' since the last synchronization of the subsystems 2, 2' is retrieved from the timers (e.g., internal counters) 7, 7'. This run time is compared to a synchronization reference pattern that can be preset specifically to the application. If the run time retrieved from the timers 7, 7' is less than the synchronization reference pattern, the system continues to process the sequence of machine instructions MP. In such instances, the lack of synchronization upon reaching the run-time queries does not have an adverse effect since the differences in running time among the subsystems 2, 2' lie within tolerance limits.
If the run time retrieved from the timers 7, 7' exceeds the synchronization reference pattern, then the communications processors 8, 8' are invoked. The communications processors 8, 8' execute a synchronization routine, by means of which the subsystems 2, 2' synchronize themselves to one another. Data are thereby exchanged between the communications processors 8, 8', inter alia, via the communication line 9. The synchronization itself follows in a generally known manner, and as such, will not be explained in greater detail. After a synchronization has been performed, the timers 7, 7' are reset.
It was described above that the sequences of machine instructions MP are immediately executed further, independently of one another, when the run times of the subsystems 2, 2' do not yet exceed the synchronization reference pattern. However, the following procedure may be used as an alternative.
In the alternative method, when a run-time query is first reached by the subsystem 2, the central processing unit 4 of the subsystem 2 pauses and signals via the communications processor 8 and the communication line 9 to the communications processor 8' of the subsystem 2' that the run-time query has been reached. The run-time query itself is not executed by the subsystem 2 until the subsystem 2' has also reached the corresponding run-time query in its sequence of machine instructions MP and when the subsystem 2' has reported this fact via the communications processor 8' and the communication line 9 to the communications processor 8 of the subsystem 2. In this manner, a virtually instruction-controlled synchronism of the running of the two subsystems is achieved.
In this case, to avoid instances of system blocking, the sequence of machine instructions MP must continue to be processed in the subsystem 2 if the subsystem 2' does not acknowledge, within a preselectable waiting period, that the corresponding run-time query has been reached.
As shown in FIG. 2, the sequence of machine instructions MP from the application program AP is produced by means of a translating unit 10. The application program AP consists of a sequence of user-originated commands, which can be written in a standard language or in an assembler code. For each command, a corresponding run time is stored in the storage unit 11. When the instructions of the application program AP are compiled, the corresponding run times are retrieved by the translating unit 10 from the storage unit 11 and summed to obtain a run-time expected value. At the latest, when the run-time expected value exceeds a preselectable critical time, a run-time query is inserted into the sequence of machine instructions, and the run-time expected value is reset. The critical time can be specifically defined based on the application.
Independently of the current run-time expected value, a run-time query is always inserted into the sequence of machine instructions when the application program AP contains a jump (branching) instruction, in particular a conditional jump (branching) instruction. The run-time query is inserted into the sequence of machine instructions MP before the jump (branching) instructions.
The preselectable critical time is preferably considerably less than the synchronization reference pattern. A typical synchronization reference pattern lies, for example, within the range of between 5 and 20 ms while the critical time typically is of the order of 1 ms.
The translating unit 10 can be optionally designed as a compiler or as an interpreter. When a compiler is used as the translating unit 10, the translating unit 10 must be present only once since the machine program MP can be generated as often as needed, for example by means of copying, and can then be stored in the subsystems 2, 2'. However, when an interpreter is used as the translating unit, the translating unit 10 must be present in each of the subsystems 2, 2'. This entails additional costs. The cost disadvantage is particularly serious when not just two, but rather three or four subsystems are present.
The automation system 1 can be both a programmable controller, as well as a process control system or a process control computer.
Barthel, Herbert, Daar, Horst, Schuetz, Hartmut
| Patent | Priority | Assignee | Title |
| 10371748, | Jun 07 2007 | Texas Instruments Incorporated | Monitoring communication link in powered-up device for synchronization point sequence |
| 10955471, | Jun 07 2007 | Texas Instruments Incorporated | Operating state machine controllers after powering, decoupling, monitoring, coupling communications |
| 11567129, | Jun 07 2007 | Texas Instruments Incorporated | Synchronizing a device that has been power cycled to an already operational system |
| 11867759, | Jun 07 2007 | Texas Instruments Incorporated | Synchronizing a device that has been power cycled to an already operational system |
| 6934882, | Feb 08 2001 | Siemens Aktiengesellschaft | Method and device to transmit data |
| 7155704, | Jun 30 1998 | Sun Microsystems, Inc. | Determinism in a multiprocessor computer system and monitor and processor therefor |
| 8037355, | Jun 07 2007 | Texas Instruments Incorporated | Powering up adapter and scan test logic TAP controllers |
| 8078898, | Jun 07 2007 | Texas Instruments Incorporated | Synchronizing TAP controllers with sequence on TMS lead |
| 8225126, | Jun 07 2007 | Texas Instruments Incorporated | Adaptor detecting sequence on TMS and coupling TAP to TCK |
| 8458505, | Jun 07 2007 | Texas Instruments Incorporated | Adapter and scan test logic synchronizing from idle state |
| 8607088, | Jun 07 2007 | Texas Intruments Incorporated | Synchronizing remote devices with synchronization sequence on JTAG control lead |
| 8984319, | Jun 07 2007 | Texas Instruments Incorporated | Adapter power up circuitry forcing tap states and decoupling tap |
| 9903914, | Jun 07 2007 | Texas Instruments Incorporated | Target system recognizing synchronization point sequence on mode select input |
| Patent | Priority | Assignee | Title |
| 3810119, | |||
| 3921149, | |||
| 4703452, | Jan 03 1986 | AG COMMUNICATION SYSTEMS CORPORATION, 2500 W UTOPIA RD , PHOENIX, AZ 85027, A DE CORP | Interrupt synchronizing circuit |
| 4733353, | Dec 13 1985 | General Electric Company | Frame synchronization of multiply redundant computers |
| 4937741, | Apr 28 1988 | The Charles Stark Draper Laboratory, Inc.; CHARLES STARK DRAPER LABORATORY, INC , THE, CAMBRIDGE, MASSACHUSETTS A MA CORP | Synchronization of fault-tolerant parallel processing systems |
| 5193175, | Dec 09 1988 | Tandem Computers Incorporated | Fault-tolerant computer with three independently clocked processors asynchronously executing identical code that are synchronized upon each voted access to two memory modules |
| 5226152, | Dec 07 1990 | GENERAL DYNAMICS C4 SYSTEMS, INC | Functional lockstep arrangement for redundant processors |
| 5233615, | Jun 06 1991 | HONEYWELL INC , A CORPORATION OF DE | Interrupt driven, separately clocked, fault tolerant processor synchronization |
| 5239641, | Nov 09 1987 | Tandem Computers Incorporated | Method and apparatus for synchronizing a plurality of processors |
| 5301308, | Apr 25 1989 | Siemens Aktiengesellschaft | Method for synchronizing redundant operation of coupled data processing systems following an interrupt event or in response to an internal command |
| 5317726, | Nov 09 1987 | Tandem Computers Incorporated | Multiple-processor computer system with asynchronous execution of identical code streams |
| EP104490, | |||
| EP394514, | |||
| EP447576, | |||
| EP497147, |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Mar 16 1994 | Siemens Aktiengesellschaft | (assignment on the face of the patent) | / | |||
| May 19 1994 | BARTHEL, HERBERT | Siemens Aktiengesellschaft | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 007082 | /0471 | |
| May 19 1994 | DAAR, HORST | Siemens Aktiengesellschaft | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 007082 | /0471 | |
| May 19 1994 | SCHUETZ, HARTMUT | Siemens Aktiengesellschaft | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 007082 | /0471 |
| Date | Maintenance Fee Events |
| Feb 04 2000 | ASPN: Payor Number Assigned. |
| Nov 21 2000 | M183: Payment of Maintenance Fee, 4th Year, Large Entity. |
| Nov 01 2004 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
| Nov 10 2008 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
| Date | Maintenance Schedule |
| Jun 17 2000 | 4 years fee payment window open |
| Dec 17 2000 | 6 months grace period start (w surcharge) |
| Jun 17 2001 | patent expiry (for year 4) |
| Jun 17 2003 | 2 years to revive unintentionally abandoned end. (for year 4) |
| Jun 17 2004 | 8 years fee payment window open |
| Dec 17 2004 | 6 months grace period start (w surcharge) |
| Jun 17 2005 | patent expiry (for year 8) |
| Jun 17 2007 | 2 years to revive unintentionally abandoned end. (for year 8) |
| Jun 17 2008 | 12 years fee payment window open |
| Dec 17 2008 | 6 months grace period start (w surcharge) |
| Jun 17 2009 | patent expiry (for year 12) |
| Jun 17 2011 | 2 years to revive unintentionally abandoned end. (for year 12) |